Daily NCSC-FI news followup 2021-02-24

Haavoittuvuuksia VMwaren tuotteissa – päivitä heti

www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti VMware julkaisi päivityksiä, jotka tulisi asentaa välittömästi. Haavoittuvuudet mahdollistavat esimerkiksi etänä suoritettavat komennot sekä mielivaltaisen ohjelmakoodin suorittamisen. Kriittinen haavoittuvuus CVE-2021-21972 koskee VMware vCenter Server – -hallinta-alustaa, joka mahdollistaa etänä suoritettavien komentojen suorittamisen. Julkaistu vakava haavoittuvuus CVE-2021-21974 koskee ESXi OpenSLP -puskurin ylivuotoa.

Google funds Linux maintainers to boost Linux kernel security

www.bleepingcomputer.com/news/security/google-funds-linux-maintainers-to-boost-linux-kernel-security/ Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers’ efforts as full-time maintainers exclusively focused on improving Linux security.

CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance

us-cert.cisa.gov/ncas/current-activity/2021/02/24/cisa-releases-joint-cybersecurity-advisory-exploitation-accellion The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance.

LazyScripter: From Empire to double RAT

blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat/ Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group. Lisäksi:

www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/. Lisäksi:

resources.malwarebytes.com/files/2021/02/LazyScripter.pdf

NASA and the FAA were also breached by the SolarWinds hackers

www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/ NASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. The two attacks are part of a broader espionage effort targeting and compromising multiple US government agencies over the last year.

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn

www.wired.com/story/russia-gru-hackers-us-grid/ A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos. On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos.

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

thehackernews.com/2021/02/online-trackers-increasingly-switching.html With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.

Heavily used Node.js package has a code injection vulnerability

www.bleepingcomputer.com/news/security/heavily-used-nodejs-package-has-a-code-injection-vulnerability/ A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month. Tracked as CVE-2021-21315, the bug impacts the “systeminformation” npm component which gets about 800, 000 weekly downloads and has scored close to 34 million downloads to date since its inception.

Vietnamese Activists Targeted by Notorious Hacking Group

www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/ Hacking group Ocean Lotus, which has been suspected of having links with the Vietnamese government, is behind a sustained campaign of spyware attacks on the country’s human rights activists, a new investigation by Amnesty Tech reveals, underscoring an intensifying assault on freedom of expression. Lisäksi:

www.bleepingcomputer.com/news/security/apt32-state-hackers-target-human-rights-defenders-with-spyware/. Lisäksi:

www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf

You might be interested in …

Daily NCSC-FI news followup 2020-10-21

Useat tahot tutkivat psykoterapiakeskus Vastaamon tietomurtoa ja kiristystä Kyberturvallisuuskeskus pitää tapausta poikkeuksellisena yle.fi/uutiset/3-11605223 Psykoterapiakeskus Vastaamoon on tehty tietomurto. Yritys kertoo tiedotteessaan, että ulkopuolinen henkilö on ollut heihin yhteydessä ja kertonut saaneensa asiakkaiden luottamuksellisia tietoja.. Tiedoista on myös yritetty kiristää rahaa.. katso myös www.is.fi/digitoday/tietoturva/art-2000006677282.html Kelan nimissä kalastellaan verkkopankkitunnuksia ja luottokorttitietoja yle.fi/uutiset/3-11606389 Kelan nimissä lähetetyissä huijausviesteissä väitetään, […]

Read More

Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. Microsoft warns of new BlueKeeplike flaws www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in […]

Read More

Daily NCSC-FI news followup 2019-09-02

Google White Hat Hackers Say Thousands of iPhones Have Been Hacked for Years www.pandasecurity.com/mediacenter/news/google-iphones-hacked/ Last week computer security specialists from Google announced that thousands of iPhones had been hacked using a vulnerability seen in almost every version from iOS 10 through to the latest version of iOS 12. Googles Project Zero team, a division of […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.